Server 2012 VPN with L2TP

Discussion in 'Computer Networking and Servers' started by finsfree, Sep 9, 2017.

  1. finsfree

    finsfree Member

    Messages:
    237
    Hi Guys,

    I'm trying to set up a VPN connection to my Server 2012. I was able to make the connection in a virtual environment, however I'd like to be able to connect from the WAN side (outside). I have been unsuccessful so far.

    I believe my issue is with IKE. Here is the log file from my firewall. In the firewall I did enable ports 500, 1701, 4500.
     
  2. beers

    beers Moderator Staff Member

    Messages:
    7,393
    What client are you using for the client side of the tunnel?

    Can you post config bits? It sounds like maybe a payload mismatch such as tunneled vs header etc.
     
  3. finsfree

    finsfree Member

    Messages:
    237
    My Remote Access Server 2012 is virtual.

    To be on a different network, I'm using a laptop connected to my iPhone's hotspot. I know it's not ideal but this is my setup.

    config bits?
     
  4. voyagerfan99

    voyagerfan99 Master of Turning Things Off and Back On Again Staff Member

    Messages:
    22,798
    1. Be sure you have the necessary ports open or forwarded to the server in your router/firewall
    2. Verify your settings are correct in the VPN client [passphrase, encryption settings, etc.] (I am assuming you are using the built-in Windows VPN)
     
  5. finsfree

    finsfree Member

    Messages:
    237
    Yes, I'm using the built-in VPN on Server 2012. All of the necessary ports are open.

    What are config bits?
     
    Last edited by a moderator: Sep 12, 2017
  6. voyagerfan99

    voyagerfan99 Master of Turning Things Off and Back On Again Staff Member

    Messages:
    22,798
    That was obvious. I meant for the VPN client, not the VPN server.
     
  7. finsfree

    finsfree Member

    Messages:
    237
    Update!

    I can connect with a smart phone (iOS or Android) to the Windows Server 2012 VPN, but I cannot connect with a computer (Win10).

    I receive this error message:
     
  8. voyagerfan99

    voyagerfan99 Master of Turning Things Off and Back On Again Staff Member

    Messages:
    22,798
    Doesn't look like you have the correct ports open/forwarded to the server in your router/firewall.

    L2TP requires:
    TCP 1701
    UDP 500 - This is for the security association (also called the SA) to negotiate the security method, whether it's a password, certificate or Kerberos.
    AH - Also called Authenticated Headers. This is Protocol ID 50 - and like above, this is not a port, and it depends on your firewall on how to configure it.
    ESP - Encapsulated Secure Payload. This is Protocol ID 51 - and like above, this is not a port, and it depends on your firewall on how to configure it.

    If you want just a basic VPN you can do SSTP instead which only requires port 443.
     
  9. finsfree

    finsfree Member

    Messages:
    237
    I'm using L2TP/IPSec for a VPN protocol. I did enable AH and ESP on the Zywall USG 20 firewall.

    Everything is pointing to my Windows Server 2012 (Serv3).

    Ports that are open on the firewall:
    • 1701 UDP
    • 500 IKE
    • 4500 NAT-T
    NAT Service:
    • 1701 to 1701
    • 500 to 500
    • 4500 to 4500
    Here I'll show you the Firewall & NAT settings.
     
    Last edited: Sep 15, 2017 at 3:34 PM
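Pulling together the port and protocol requirements from posts 8 and 9, here is an added example (not from the thread, and not part of any vendor's tooling) that audits an inbound rule list and NAT forward list against what an L2TP/IPsec server with NAT-T needs; the numbers follow RFC 2661 (L2TP on UDP 1701), RFC 3947 (NAT-T on UDP 4500) and the IANA protocol registry (ESP = 50, AH = 51). The rule and forward tuples are a constructed model of post 9's Zywall settings, not a parser for that firewall's export format.

```python
"""Audit firewall/NAT rules for an L2TP/IPsec (with NAT-T) server.

Rules are (protocol, port) tuples; port is None for IP-protocol rules
such as ESP and AH. Forwards are (protocol, external_port, internal_port).
"""

# Inbound traffic an L2TP/IPsec server behind a firewall must accept.
REQUIRED = {
    ("UDP", 500): "IKE (ISAKMP) negotiation",
    ("UDP", 4500): "IPsec NAT-Traversal, carries UDP-encapsulated ESP",
    ("UDP", 1701): "L2TP control and data (arrives inside the IPsec tunnel)",
    ("ESP", None): "IP protocol 50, raw ESP for clients that are not behind NAT",
}
# Same number, wrong transport: a frequent mistake when rules are typed by hand.
WRONG_TRANSPORT = {
    ("TCP", 1701): "L2TP uses UDP 1701, not TCP",
    ("TCP", 500): "IKE uses UDP 500, not TCP",
    ("TCP", 4500): "NAT-T uses UDP 4500, not TCP",
}


def _label(key):
    proto, port = key
    return proto if port is None else f"{proto} {port}"


def audit(rules, forwards=()):
    """Return (severity, text) findings; an empty list means the rules are complete."""
    opened = {(proto.upper(), port) for proto, port in rules}
    findings = []
    for key, why in REQUIRED.items():
        if key not in opened:
            findings.append(("missing", f"{_label(key)}: {why}"))
    for key, why in WRONG_TRANSPORT.items():
        if key in opened:
            findings.append(("wrong", f"{_label(key)}: {why}"))
    # Clients dial 500/4500/1701 by number, so a forward must keep the port unchanged.
    for proto, ext, internal in forwards:
        if (proto.upper(), ext) in REQUIRED and ext != internal:
            findings.append(("translated", f"{proto.upper()} {ext} -> {internal}: "
                             "destination port must not be rewritten"))
    return findings


if __name__ == "__main__":
    # Constructed sample modelled on post 9: UDP 1701/500/4500 open, ESP and AH enabled,
    # and 1:1 forwards for the three UDP ports.
    rules = [("UDP", 1701), ("UDP", 500), ("UDP", 4500), ("ESP", None), ("AH", None)]
    forwards = [("UDP", 1701, 1701), ("UDP", 500, 500), ("UDP", 4500, 4500)]
    for sev, text in audit(rules, forwards) or [("ok", "all required rules present")]:
        print(f"[{sev}] {text}")
```

AH is accepted in the rule list but not required, since the Windows L2TP/IPsec client negotiates ESP only.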
